Send-SyslogMessage
NAME Send-SyslogMessage
SYNOPSIS
Sends a SYSLOG message to a server running the SYSLOG daemon
SYNTAX
Send-SyslogMessage -Server <String> -Message <String> -Severity {Emergency | Alert | Critical | Error | Warning |
Notice | Informational | Debug} -Facility {kern | user | mail | daemon | auth | syslog | lpr | news | uucp | clock
| authpriv | ftp | ntp | logaudit | logalert | cron | local0 | local1 | local2 | local3 | local4 | local5 | local6
| local7} [-Hostname <String>] [-ApplicationName <String>] [-Timestamp <DateTime>] [-Port <UInt16>] [-Transport
{UDP | TCP | TCPwithTLS}] [-ProcessID <String>] [-MessageID <String>] [-StructuredData <String>] [-FramingMethod
<String>] [-SslProtocols {None | Ssl2 | Ssl3 | Tls | Default | Tls11 | Tls12 | Tls13}]
[-DoNotValidateTLSCertificate] [<CommonParameters>]
Send-SyslogMessage -Server <String> -Message <String> -Severity {Emergency | Alert | Critical | Error | Warning |
Notice | Informational | Debug} -Facility {kern | user | mail | daemon | auth | syslog | lpr | news | uucp | clock
| authpriv | ftp | ntp | logaudit | logalert | cron | local0 | local1 | local2 | local3 | local4 | local5 | local6
| local7} [-Hostname <String>] [-ApplicationName <String>] [-Timestamp <DateTime>] [-Port <UInt16>] [-Transport
{UDP | TCP | TCPwithTLS}] [-FramingMethod <String>] [-SslProtocols {None | Ssl2 | Ssl3 | Tls | Default | Tls11 |
Tls12 | Tls13}] [-DoNotValidateTLSCertificate] -RFC3164 [<CommonParameters>]
DESCRIPTION
Sends a message to a SYSLOG server as defined in RFC 5424 and RFC 3164. It can use UDP, TCP or TCP with TLS/SSL.
PARAMETERS
-Server <String>
Destination SYSLOG server that message is to be sent to.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Message <String>
Our message or content that we want to send to the server. This is optional in RFC 5424, but the cmdlet still
has this as a mandatory parameter; to send no message, simply specify '-' (as per RFC).
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Severity
Severity level as defined in SYSLOG specification, must be of ENUM type Syslog_Severity
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Facility
Facility of message as defined in SYSLOG specification, must be of ENUM type Syslog_Facility
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Hostname <String>
Hostname of machine the message is about, if not specified, RFC 5425 selection rules will be followed.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ApplicationName <String>
Specify the name of the application or script that is sending the message. If not specified, will select the
ScriptName, or if empty, powershell.exe will be sent. To send Null, specify '-' to meet RFC 5424.
Required? false
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Timestamp <DateTime>
Time and date of the message, must be of type DateTime. Correct format will be selected depending on RFC
requested. If not specified, will call get-date to get appropriate date time.
Required? false
Position? named
Default value (Get-Date)
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Port <UInt16>
SYSLOG UDP (or TCP) port to which to send the message. Defaults to 514, if not specified.
Required? false
Position? named
Default value 514
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Transport
Transport protocol (TCP or UDP or TCP with TLS) over which the message will be sent. Default is UDP.
[ValidateSet('UDP','TCP', 'TCPwithTLS')]
[String]
Required? false
Position? named
Default value UDP
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-ProcessID <String>
ProcessID or PID of generator of message. Will automatically use $PID global variable. If you want to override
this and send null, specify '-' to meet RFC 5424 requirements.
Required? false
Position? named
Default value $PID
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-MessageID <String>
Error message or troubleshooting number associated with the message being sent. If you want to override this
and send null, specify '-' to meet RFC 5424 requirements.
Required? false
Position? named
Default value -
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-StructuredData <String>
Key Pairs of structured data as a string as defined in RFC5424. Default will be '-' which means null.
Required? false
Position? named
Default value -
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-FramingMethod <String>
Framing method used for the message, default is 'Octet-Counting' (see RFC6587 section 3.4). This only applies
when TCP is used for transport (no effect on UDP messages).
Required? false
Position? named
Default value Octet-Counting
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-SslProtocols
SSL/TLS Protocols to be used when connecting to server. Default is TLS1.2.
Required? false
Position? named
Default value Tls12
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DoNotValidateTLSCertificate [<SwitchParameter>]
Do not validate the SSL/TLS certificate presented by the server.
Required? false
Position? named
Default value False
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-RFC3164 [<SwitchParameter>]
Send an RFC3164 formatted message instead of RFC5424.
Required? true
Position? named
Default value False
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Nothing is output
NOTES
NAME: Send-SyslogMessage
AUTHOR: Kieran Jacobsen (kjacobsen)
Jared Poeppelman (powershellshock)
Ronald Rink (dfch)
Xtrahost
Fredruk Furtenbach (flic)
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Send-SyslogMessage -Server mySyslogserver -Message 'The server is down!' -Severity Emergency -Facility Mail
Sends a syslog message to mysyslogserver, saying "server is down", severity emergency and facility is mail
-------------------------- EXAMPLE 2 --------------------------
PS C:\>Send-SyslogMessage -Server mySyslogserver -Message 'The server is up' -Severity Informational -Facility Mail -Transport TCP
Sends a syslog message to mysyslogserver, using TCP, saying "server is up", severity informational and facility is
mail
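A fuller invocation than the two examples above, added here as an illustration and not taken from the Posh-Syslog project: it pipes constructed event objects to the cmdlet over TCPwithTLS, using the ByPropertyName pipeline binding listed under PARAMETERS and leaving certificate validation on. The module name, server name, port 6514 (the registered syslog-over-TLS port), application name, message IDs and structured-data SD-ID are assumptions; only parameters documented on this page are used.

```powershell
# Added example: batch-send RFC 5424 messages over TLS.
# Assumption: the module is installed under the name Posh-SYSLOG.
Import-Module Posh-SYSLOG

# Settings shared by every message. -Server does not accept pipeline input,
# so it has to be given on the command line (here via splatting).
$common = @{
    Server          = 'syslog.example.internal'   # assumed collector name
    Port            = 6514                        # assumed; the cmdlet default is 514
    Transport       = 'TCPwithTLS'
    SslProtocols    = 'Tls12'                     # the documented default, stated explicitly
    FramingMethod   = 'Octet-Counting'            # the documented default for TCP
    ApplicationName = 'backup-job'                # assumed application name
    ErrorAction     = 'Stop'                      # make reported errors terminating
}
# -DoNotValidateTLSCertificate is deliberately not set: the server certificate
# is validated, so the log stream cannot be redirected to an impostor collector.

# Constructed sample events. Property names match the parameters that
# accept pipeline input ByPropertyName.
$events = @(
    [pscustomobject]@{
        Message        = 'Nightly backup finished'
        Severity       = 'Informational'
        Facility       = 'local4'
        MessageID      = 'BKP001'
        StructuredData = '[backup@32473 job="nightly" result="ok"]'
    }
    [pscustomobject]@{
        Message        = 'Backup target volume is 91 percent full'
        Severity       = 'Warning'
        Facility       = 'local4'
        MessageID      = 'BKP014'
        StructuredData = '[backup@32473 job="nightly" volume="D:"]'
    }
)

try {
    # Each object becomes one syslog message; the cmdlet itself outputs nothing.
    $events | Send-SyslogMessage @common
}
catch {
    # Connection, TLS or validation problems land here instead of being lost.
    Write-Warning "Syslog delivery failed: $($_.Exception.Message)"
}
```

With the default UDP transport there is no delivery confirmation and no transport encryption, so a failed or intercepted send would not be visible to the script.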
RELATED LINKS
https://github.com/poshsecurity/Posh-Syslog
https://poshsecurity.com